9
votes

In our organization we have some projects which are (by policy) open to all developers, QA, and project managers who have access to TFS. In a team project collection with more than 150 team projects and 500+ valid users, how can we easily add all valid TFS users to the "Readers" group for one specific project?

Considerations:

  • [Global]\Project Collection Valid Users cannot be added to any group, because every group is automatically a member of the Valid Users group. That would create a circular membership, and TFS won't let you do it (as far as I have learned through experimentation) anyway.
  • We could create a new AD or TFS group to contain a custom list of "valid users," but that list is constantly changing in an organization this size, and it would present a management challenge trying to keep that list in sync. I would rather find a way to take advantage of the fact that TFS already "knows" who all the valid users are.

I have already looked at the StackOverflow questions "How to Grant Read-Only Access to All TFS Team Projects to a Group of Users?" and "How to add Windows group as “Readers” to all projects in TFS 2010 collection?", which were suggested as I began typing this question, but I am not trying to add one user to all projects; I am trying to add all users to one project.

1
Ultimately users will be defined in some list... how would TFS know if the list has changed without anybody maintaining it? - KMoraz

1 Answer

5
votes

Although you cannot add Project Collection Valid Users to a project group, you can add the group itself and give it the same permissions as another group (for example, the project's Readers group).

Steps to Add "Project Collection Valid Users" to a Team Project

In this example, we will grant read-only access to all valid users in the collection. You will probably want to grant matching access to the project's source code as well, so I will include that in the example.

  1. Open Team Explorer
  2. Right-click on the team project name
  3. Select Security...
  4. In the Project Security dialog that opens, make sure that Team Foundation Server Group is selected, and click Add...
  5. In the Add Group dialog that opens, your project's groups and all global groups are listed. Select [YourCollectionName]\Project Collection Valid Users and click OK.
  6. Back in the Project Security dialog, the lower pane lists available permissions. Check the View project-level information permission.
    • Optionally, select the View test runs permission as well, since that's what the Readers group has by default.
  7. Click Close to close the Project Security dialog.
  8. Open Source Control Explorer
  9. Right-click on the source control root for your project
  10. Select Properties...
  11. Click the Security tab in the Properties dialog
  12. Make sure that Team Foundation Server Group is selected, and click Add...
  13. In the Add Group dialog that opens, your project's groups and all global groups are listed. Select [YourCollectionName]\Project Collection Valid Users and click OK.
  14. Back in the Properties dialog, still on the Security tab, the lower pane lists available permissions. Check Allow for the Read permission.

Now all users who have been added to any team project in your TFS Project Collection will be able to access your project and view source code.
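
The source-control half of the procedure (steps 8 to 14) can also be scripted with `tf permission`, which makes the grant repeatable and easy to review afterwards. This is an added example, not part of the original answer; it assumes `tf.exe` is on the PATH (for example in a Visual Studio Developer Command Prompt), the function name is hypothetical, and the URL and names in the usage comment are placeholders. It does not cover the project-level permissions from steps 1 to 7.

```powershell
# Added example (not from the original answer). Grants only Read on the project's
# source-control root to the collection-wide Valid Users group, then lists the ACL.
function Grant-ValidUsersRead {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$CollectionUrl,
        [Parameter(Mandatory = $true)][string]$CollectionName,
        # Must be a project root such as $/MyProject, not a subfolder or $/ itself,
        # so the grant cannot land on the whole collection by mistake.
        [Parameter(Mandatory = $true)][ValidatePattern('^\$/[^/]+$')][string]$ProjectRoot
    )

    # Same group the dialog shows as [YourCollectionName]\Project Collection Valid Users.
    $group  = '[{0}]\Project Collection Valid Users' -f $CollectionName
    $target = @("/collection:$CollectionUrl", $ProjectRoot)

    # -WhatIf previews the change without applying it.
    if ($PSCmdlet.ShouldProcess($ProjectRoot, "Allow Read for $group")) {
        & tf.exe permission '/allow:Read' "/group:$group" @target
        if ($LASTEXITCODE -ne 0) {
            throw "tf permission failed with exit code $LASTEXITCODE"
        }
    }

    # Read-only listing of the resulting ACL, so a reviewer can confirm that the
    # group holds Read and nothing broader (no Check in, Label, or admin rights).
    & tf.exe permission @target
}

# Usage with placeholder values (single quotes keep the $ in the path literal):
# Grant-ValidUsersRead -CollectionUrl 'http://tfs.example.local:8080/tfs/YourCollectionName' `
#     -CollectionName 'YourCollectionName' -ProjectRoot '$/YourProject' -WhatIf
```

Child folders normally inherit the grant from the project root; any folder with inheritance turned off keeps its own ACL and should be reviewed separately.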